Enforcing security and access control on geospatial web services is a thorny problem, and one which has not been traditionally well-addressed by the industry. Spatial data presents unique challenges that are not easily handled by the same methods used to secure other types of web content. Access may need to be granted or restricted based on geographic regions, imagery resolutions, scale, etc.
These types of conditions cannot be easily described by most existing access control technologies. Because a request for spatial data may be framed in a variety of ways, and includes complex geographic components, it is very difficult to understand exactly what is being requested without a thorough comprehension of the geospatial elements of the request. Any software that acts as a gatekeeper needs to be nearly as complex and intelligent as the services it is protecting.
Our geospatial security gateway lets you customize access based on user identity. You can apply watermarks, or limit access by resolution or specific geographic areas. All without having to duplicate the data or services. Easily create secure, customized services for each client.
MariaDB Geospatial solves these problems by leveraging our best-of-breed geospatial technology to implement a spatially aware access control mechanism. Completely integrated with our web services, the software analyzes each request and matches it against a set of predetermined rules to decide whether or not to allow access. Since it is integrated with the same services that it is protecting, it operates with full knowledge of the nature of each request.
Because security is implemented at the web service level, it is automatically available to all clients, from desktop to mobile. A set of encrypted credentials accompanies all requests, and one set of rules applies to all access. There is no way to bypass access control by going directly to the underlying services because it is part of those services. Indeed, many users will not even realize that security is in place. They will simply see a different set of data or geographic regions depending on their identity.
Using a simple web-based editor, rules can be applied to individual users, roles, IP addresses, or any combination thereof. Access may be granted based on web service types, map layers, feature types, map scales, image resolutions, geospatial regions and more. Rules may be set to expire at a given time. Watermarks may be applied for certain users and not for others. You can create distinct, customized web services for each client, just based on their identity.